PERSONAL DATA PROCESSING AND PROTECTION POLICY

  1. GENERAL PROVISIONS

    1.1. This Personal Data Processing and Protection Policy (hereinafter – the Policy) adopted at SMARTEQ Company LLC (Taxpayer Identification Number (INN) 7802524548, Primary State Registration Number (OGRN) 1157847183922, location: d. 15, lit. A, ul. Novolitovskaya, Saint Petersburg, 194100 Russia (hereinafter – the Company) has been developed in compliance with the requirements of Clause 2 Part 1 Article 18.1 of the Federal Law No. 152-FL "On Personal Data" as of July 27, 2006 (hereinafter – the Law on Personal Data) in order to ensure the protection of rights and freedoms of man and citizen during processing of personal data, including protection of privacy rights and personal and family secrets.

    1.2. This Policy defines the processing procedure and measures to protect personal data of the Company's employees, website visitors, contractors, and any other individuals interacting with the Company, in order to make sure the rights and freedoms of man and citizen are protected when processing their personal data.

    1.3. The following basic concepts are used in this Policy:

    1. 1.3.1.  personal data processing shall mean any action (activity) or set of actions (activities) performed to process personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data, using automation tools or without using such tools;
    2. 1.3.2.  personal data shall mean any information directly or indirectly related to a specific or certain person (personal data subject);
    3. 1.3.3.  personal data provision shall mean actions aimed at the personal data disclosure to a specific person or a certain circle of persons;
    4. 1.3.4.  personal data distribution shall mean actions aimed at the personal data disclosure to an indefinite circle of persons;
    5. 1.3.5.  cross-border personal data transfer shall mean personal data transfer to the territory of a foreign state for a government body of the foreign state, to a foreign individual, or to a foreign corporate entity;
    6. 1.3.6.  personal data destruction shall mean actions, as a result of which it becomes impossible to restore the personal data contents in the personal data information system, and (or) as a result of which the physical data storage media are destroyed; 
    7. 1.3.7.  cookies shall mean data fragments that are stored on a computer or other device that belongs to a person who visits the Company's website, indicating the pages visited.

    1.4. Pursuant to the requirements of Part 2 Article 18.1 of the Law on Personal Data, this Policy is freely available on the Company website.
     

  2. PRINCIPLES OF PERSONAL DATA PROCESSING

    2.1 Personal data processing is performed by the Company based on the following principles:

    1. 2.1.1.  legitimacy;
    2. 2.1.2.  limitations with specific, predetermined, and legitimate goal achievement;
    3. 2.1.3.  preventing personal data processing that does not comply with the personal data collecting purposes;
    4. 2.1.4.  compliance of the personal data contents and volume with the data processing goals;
    5. 2.1.5.  personal data storage in the form that allows to identify the personal data subject for no longer than required by the personal data processing purpose, if the personal data storage period is not established by the Federal Law or the contract;
    6. 2.1.6.  destruction or anonymization of personal data upon achievement of the processing goals or in case it is no longer necessary to achieve these goals, unless otherwise provided by the Federal Law.
       
  3. PURPOSES OF PERSONAL DATA PROCESSING

    3.1. The personal data processing is carried out by the Company for the following purposes:

    • ensuring the compliance with the Constitution of the Russian Federation, Federal Laws and other regulatory acts of the Russian Federation;
    • carrying out Company activities in accordance with the Company Charter, performing under the Labor Code of the Russian Federation;
    • HR recording, attracting, and selecting candidates to work for the Company;
    • assisting the employees in the field of professional training and career advancement, monitoring quantity and quality of the work performed, ensuring the safety of property;
    • attraction and selection of candidates to work with the Company;
    • organization of employees’ individual (personified) registration in the mandatory pension insurance system;
    • filling out and submitting to the government agencies and other authorized organizations the required reporting forms;
    • implementation of the civil law relations, including provision of services to the individuals;
    • accounting;
    • access control.
       
  4. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING

    The legal grounds for the personal data processing are a set of regulatory legal acts, pursuant to which and in accordance with which the Company processes personal data, including:

    • Constitution of the Russian Federation;
    • Civil Code of the Russian Federation;
    • Labor Code of the Russian Federation;
    • Tax Code of the Russian Federation;
    • Federal Law as of February 08, 1998 No. 14-FL “On Limited Liability Companies”;
    • Federal Law as of December 15, 2001 No. 167-FL “On Compulsory Pension Insurance in the Russian Federation”;
    • Federal Law as of July 27, 2006 No. 152-FL “On Personal Data”;
    • Federal Law as of December 06, 2011 No. 402-FL “On Accounting”;
    • other regulatory legal acts regulating relations connected to the Company activities.

    The legal ground for the personal data processing is also:

    • the Company Charter;
    • agreements between the Company and personal data subjects;
    • consents of the personal data subjects to personal data processing.
       
  5. SCOPE AND CATEGORIES OF PERSONAL DATA TO BE PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS

    5.1. Contents and scope of the personal data to be processed shall comply with the declared processing goals, which are indicated in Section 3 of this Policy. The personal data to be processed shall not be redundant in relation to the stated purposes of its processing.

    5.2. The Company may process personal data of the following categories of personal data subjects.

    5.2.1. Candidates to be employed with the Company:

    • full name;
    • gender;
    • citizenship;
    • date and place of birth;
    • contact information (mobile and (or) home phone number, email address, Skype account or accounts of similar systems if necessary);
    • information on education, work experience, qualifications;
    • other personal data communicated by the candidates in their CVs and cover letters.

    5.2.2. Employees and former employees of the Company:

    • full name;
    • gender;
    • citizenship;
    • date and place of birth;
    • image (photograph);
    • passport data;
    • registration address at the place of residence;
    • address of the actual residence;
    • contact details;
    • taxpayer identification number;
    • insurance number of an individual personal account (SNILS);
    • information on education, qualifications, professional training and advanced training;
    • marital status, children, relatives;
    • information on labor activity, including incentives, awards and (or) disciplinary sanctions;
    • marriage registration data;
    • information on military service;
    • information on disability;
    • information on maintenance deduction;
    • information on income from the previous place of employment;
    • bank details;
    • other personal data provided by the employees in accordance with the requirements of labor legislation.

    5.2.3. Family members of the Company employees:

    • full name;
    • degree of kindred;
    • year of birth;
    • other personal data provided by the employees in accordance with the requirements of labor legislation.
    • 5.2.4. Company contractors (individuals):
    • full name;
    • date and place of birth;
    • passport data;
    • registered domicile;
    • contact details;
    • position held;
    • taxpayer identification number;
    • bank details;
    • cookies;
    • other personal data provided by the contractors (individuals) necessary to sign and execute contracts.

    5.2.5. Representatives (employees) of the Company contractors that are corporate entities:

    • full name;
    • passport data;
    • contact details;
    • position held;
    • other personal data provided by the representatives (employees) of the counterparties necessary for conclusion and execution of the contracts.

    5.3. The biometric personal data (information that characterizes physiological and biological characteristics of a person, based on which it is possible to establish his/her identity) is processed by the Company in accordance with the Russian law.

    5.4. The Company does not process any special categories of personal data regarding race, ethnical background, political views, religious or philosophical beliefs, or health condition, unless otherwise provided for by the Russian law.
     

  6. RIGHTS OF PERSONAL DATA SUBJECTS

    6.1. The personal data subjects are entitled:

    • to receive complete information regarding his/her personal data processing by the Company, unless otherwise provided by the Russian law;
    • to require correction of incorrect or incomplete personal data;
    • to require blocking or destruction of personal data if the personal data is incomplete, outdated, or inaccurate;
    • to withdraw their consent to personal data processing in cases provided for by the Russian law;
    • to exercise other rights provided for by the Russian law.
       
  7. COMPANY ACTIONS TO PROTECT PERSONAL DATA

    7.1. To make sure the personal data remains protected during processing, the Company will take action to prevent unauthorized or accidental unlawful access, destruction, alteration, blocking, copying, and other actions that may undermine the protection features established for the personal data, which include:

    - confidentiality (the information shall be kept from being disclosed to any third parties without the data subject’s consent, which is binding to persons who have access to the information);

    - integrity (the information may not be changed or it may be changed only intentionally by the subjects entitled to do so);

    - accessibility (the information may be freely accessed by those who have the corresponding access rights).

    7.2. The Company will take necessary legal, organizational, and technical action to protect personal data against unlawful or accidental access, destruction, alteration, blocking, distribution and other unauthorized operations, whereas it does as follows:

    7.2.1. identify threats to the personal data protection during processing;

    7.2.2. adopt local regulatory statutes and other documents regulating relations in the field of personal data processing and protection;

    7.2.3. appoint persons responsible for personal data protection in the structural divisions of the Company; restrict access rights to lockable rooms and offices where the personal data is stored as hard copies;

    7.2.4. create necessary conditions to work with personal data;

    7.2.5. organize accounting of documents containing personal data;

    7.2.6. organize work with the information systems where the personal data is processed;

    7.2.7. store personal data in safe conditions that exclude any unauthorized access;

    7.2.8. set individual passwords for employees to access information systems with personal data in accordance with their duties;

    7.2.9. organize a training course for the Company employees engaged in personal data processing.
     

  8. PROCEDURE AND TERMS OF PERSONAL DATA PROCESSING

    8.1. Personal data processing is carried out by the Company in accordance with the requirements of the legislation of the Russian Federation.

    8.2. Personal data processing will be carried out upon consent of the personal data subjects to personal data processing, as well as without it in cases stipulated by the Russian law.

    8.3. The Company carries out both automated and non-automated personal data processing.

    8.4. The Company employees whose official duties include personal data processing may process personal data.

    8.5. The personal data is processed by:

    8.5.1. receipt of spoken and written personal data directly from personal data subjects;

    8.5.2. personal data receipt from publicly available sources;

    8.5.3. entering personal data into Company records, registers and information systems;

    8.5.4. use of other personal data processing methods.

    8.6. In the course of its activities, the Company may provide and/or entrust the personal data processing to other persons upon consent of the personal data subject, unless otherwise provided by the Russian law on personal data. In this case, the parties shall maintain confidentiality and ensure the personal data protection during processing. This is a compulsory condition for provision of and (or) entrusting to process personal data to other persons.

    8.7. Transferring personal data to the bodies of inquiry and investigation, to the Federal Tax Service, Pension Fund of the Russian Federation, Social Insurance Fund and other authorized executive bodies and institutions will be carried out in accordance with the Russian law.

    8.8. The Company stores personal data in a way that allows determining the personal data subject for no longer than personal data processing purposes require, if the personal data storage period is not established by the Federal Law or contract.

    8.9. When collecting personal data, including through the Internet, the Company provides for recording, systematization, accumulation, storage, improvement (updating, changing), or extraction of personal data of the Russian citizens using databases located in the Russian Federation, except for the cases specified by the Law on Personal Data.

    8.10. When processing personal data, the Company ensures its accuracy, adequacy and, if necessary, relevance in relation to the personal data processing purposes. The Company will take necessary action (ensures its adoption) to delete or clarify incomplete or inaccurate personal data.

    8.11. The Company processes personal data without cross-border transfer.

    8.12. The Company recognizes as confidential any information provided by users of the Company services. While using the Company services, the user, being the personal data subject, confirms his/her consent to processing of all the provided personal data, including the personal data necessary for using the Company services. The Company is not entitled to disclose personal data that belongs to users of Company services, except for cases provided for by the applicable Russian law and terms of the Contract.
     

  9. UPDATING, CORRECTION, DELETING AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS CONCERNING PERSONAL DATA ACCESS

    9.1. Confirmation of personal data processing by the Company, legal grounds and purposes of personal data processing, as well as other information specified by Paragraph 7 Article 14 of the Law on Personal Data are provided by the Company to the personal data subject or his/her representative upon request or upon receipt of a request form from the personal data subject or his/her representative.

    The information provided does not include personal data related to other personal data subjects, unless there are legal grounds for such personal data disclosure.

    The request shall contain:

    • number of master document proving the identity of a personal data subject or his/her representative, information on the date of issue of the said document and the authority that issued it;
    • information confirming the relations of the said personal data subject with the Company (contract number, date of executing the contract, conditional verbal designation and (or) other information), or information that otherwise confirms the fact of personal data processing by the Company;
    • signature of the personal data subject or his/her representative
    • The request form may be sent and signed electronically in accordance with the Russian law.
    • If the appeal (request) of the personal data subject in accordance with the requirements of the Law on Personal Data does not reflect all the necessary information, or the personal data subject does not have access rights to the requested information, the Company will send a motivated refusal.

    9.2. The personal data subject’s rights to access his/her personal data may be limited in accordance with Paragraph 8 Article 14 of the Law on Personal Data, in particular if the access of the personal data subject to his/her personal data could violate the rights and legitimate interests of any third parties.

    9.3. If inaccurate personal data is detected as the personal data subject or his/her representative applies to the Company, the Company will, either at their request or at the request of Roskomnadzor, block the personal data related to the personal data subject from the moment of request or upon receipt of the specified request form to the day of the data verification if the blocking of the personal data does not violate any rights or interests of the personal data subject or third parties.

    If the personal data inaccuracy is confirmed, the Company will, based on information provided by the personal data subject or his/her representative or Roskomnadzor, or other necessary documents, amend the personal data within seven business days from the date of submitting such information and un block the personal data.

    9.4. In case the personal data unlawful processing is detected as the personal data subject or his/her representative applies (sends a request form) to the Company, the Company will block the illegally processed personal data related to this personal data subject from the day of appeal or receiving the request form.

    9.5. Upon reaching the personal data processing goals, as well as if the personal data subject withdraws their consent to personal data processing, personal data must be destroyed:

    • unless otherwise provided for by the contract, to which the personal data subject is a party;
    • the Company is not entitled to processing without the personal data subject’s consent on the grounds provided for by the Law on Personal Data or other Russian federal laws;
    • unless otherwise provided for by another agreement between the Company and the personal data subject.

    9.6. Destruction of hard copies of personal data occurs using a shredder, electronic copies of personal data will be destroyed by erasing or formatting the medium. The personal data destruction will documented with an act on media destruction.
     

  10. COOKIES POLICY

    10.1. The Company uses server logs and automated tools for data collecting such as cookies, on its website. The data collected in this way is tied to personal details of the website visitor. The cookies are necessary to make sure the website operates correctly and to identify the preferences of a website visitor. Data collection tools automatically track and collect some technical data that a visitor’s computer or device sends, for example: IP address; browser type and language; link pages and exit pages; URL; type of platform; number of clicks; domain name; landing pages, information about the visits; pages viewed (including the order in which they are viewed) (we can share this information with third parties); amount of time spent on specific pages; game data; date and time of user activity on the website and other similar information. By continuing to use the Company website, the website visitor expresses his/her consent to use of the cookies.

    10.2. A website visitor can configure his/her web browser to warn of attempts to save cookies, limit the cookies type or block them. The detailed information may be found in instructions posted on the official website of your web browser. However, please bear in mind that, when cookies are disabled, not all website sections/functions will be available.
     

  11. COMPANY NAME:

    SMARTEQ Company LLC

    Taxpayer Identification Number (INN) 7802524548

    Primary State Registration Number (OGRN) 1157847183922

    Location: d. 15, lit. A, ul. Novolitovskaya

    Saint Petersburg, 194100 Russia

    E-mail: sales@hoteza.com

    Phone: +7 812 640 2447